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Abstract 

This paper studies the problem of detecting a potential malicious relay node by a source node that relies on the relay to forward 
information to other nodes. The channel model of two source nodes simultaneously sending symbols to a relay is considered. 
The relay is contracted to forward the symbols that it receives back to the sources in the amplify-and-forward manner. However 
there is a chance that the relay may send altered symbols back to the sources. Each source attempts to individually detect such 
malicious acts of the relay by comparing the empirical distribution of the symbols that it receives from the relay conditioned on its 
own transmitted symbols with known stochastic characteristics of the channel. It is shown that maliciousness of the relay can be 
asymptotically detected with sufficient channel observations if and only if the channel satisfies a non-manipulable condition, which 
can be easily checked. As a result, the non-manipulable condition provides us a clear-cut criterion to determine the detectability 
of the aforementioned class of symbol manipulation attacks potentially conducted by the relay. 

Index Terms 

Maliciousness detection, symbol manipulation, amplify-and-forward relay, physical-layer security, trust metric valuation. 

I. Introduction 

It is a commonplace in many communication networks that no direct physical link exists between the source and destination 
nodes of an information flow. Thus information needs to be relayed from the source to the destination through intermediate 
nodes. This requirement brings forth a major security question: How is one able to ensure that the intermediate nodes faithfully 
forward information from the source to the destination? Trust management [T|-|[3) is a widely researched approach to address 
this question. In essence, trust management pertains to the establishment, distribution, and maintenance of trust relationships 
among nodes in a network. Based upon such relationships, it is expected that trusted nodes will faithfully operate according 
to some protocols that they have agreed upon. 

The aforementioned trust relationships are primarily quantified using trust metrics that are evaluated through nodes interacting 
with and observing the behaviors of each other [4]-[9|. For nodes that do not directly interact with each other, trust relationships 
can be established and maintained via inference [10|. It is clear that the valuation of trust metrics is critically important in 
this trust management approach. Many different ways have been proposed to evaluate the trust metrics based on authentication 
keys llTTl . [12 1, 1131 , reputation lfl4ll . 11151 , and evidence collected from network as well as physical interaction JT6), 1171 . 
Ifl8l . Given the complexity and difficulty involved in quantifying the vague notion of trust, one would expect these valuation 
schemes are naturally ad hoc. 

To more systematically construct a trust metric, one needs to specify the class of malicious actions against which the metric 
measures. In this paper, we consider a class of data manipulation attacks in which intermediate nodes may alter the channel 
symbols that they are supposed to forward. We cast the trust metric valuation problem as a maliciousness detection problem 
against this class of attacks. More precisely, a node (or another trusted node called a watchdog [19]) detects if another node 
relays manipulated symbols that are different from those originally sent out by the node itself. Observations for detection 
against the malicious attack can be made in the physical and/or higher layers. 

Most existing maliciousness detection methods are key-based, requiring at the minimum the source and destination nodes 
to share a secret key that is not privy to the relay node being examined. In |20l . keys, which correspond to vectors in a 
null space, are given to all nodes in a network. Any modification to the encrypted data by a relay node can be checked by 
determining whether the observed data falls into the null space or not. In IF2TI . symmetric cryptographic keys are applied to 
the data at source and destination for the purpose of checking the maliciousness of relay node(s). Another key-based approach 
is considered in 1221 by measuring whether only a small amount of packets are dropped by relay nodes. In ll23l . a cross-layer 
approach based on measurement of channel symbols is taken. Two keys are employed in that scheme; one to create a set 
of known data and another to make the data indistinguishable from the key. When the destination receives the message, the 
probability of error of the transmitted values of the key can be used to determine if the relay node is acting maliciously. 
In all, the key-based maliciousness detection schemes described above are far from desirable as they require the support of 
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Fig. 1: Motivating example of a binary-input addition channel. 



some key distribution mechanism, which in turn presumes the existence of inherently trusted nodes in the network. Moreover 
some key-based methods have been shown insecure in E4l when nondeterminism and bit-level representation of the data is 
considered. 

For the class of symbol manipulation attacks, it is intuitive that maliciousness of a node should be detected by the nearby 
nodes based on measurements obtained at the lower layers, since such measurements are more reliable than those made 
by faraway nodes and at the higher layers as there are fewer chances for potential adversaries to tamper with the former 
measurements. Hence we investigate the maliciousness detectability problem from a physical-layer perspective by considering 
a model in which two sources want to share information through a potentially untrustworthy relay node that is supposed to 
relay the information in the amplify-and-forward manner. In 11251 . we provide a preliminary study on the problem under a 
restrictive case in which the relay may only modify the channel symbols based on some independent and identically distributed 
(i.i.d) attack model, and the source nodes can perfectly observe the symbols forwarded by the relay. In this paper, we extend 
the treatment to a general channel model and an effectively general class of symbol manipulation attacks. The details of the 



channel and attack models are provided in Section III 



In Section[II] we qualitatively discuss maliciousness detectability in a simple binary-input addition channel in order to motivate 
the detectability problem. This example has been presented in [25]. It is repeated here for easy reference. In Section [W] we 
state our main result, which is a necessary and sufficient condition on the channel that guarantees asymptotic detection of 
maliciousness individually by both source nodes using empirical distributions of their respective observations. We also provide 



algorithms to check for the stated condition. The results presented in Section IV make clear that maliciousness detectability 



under our model is a consequence of the stochastic characteristics of the channel and the sources. It works solely based on 
observations made by the source nodes about the symbols sent by the relay node together with knowledge about the channel. 
No presumed shared secret between any set of nodes is required or used. Thus the proposed maliciousness detection approach 
can be used independent of or in conjunction with the key-based methods described above to provide another level of protection 
against adversaries 

The proofs of the results in Section IV are provided later in Section VI In Section [V] we present results from numerical 
simulation studies of the addition channel example in Sectionlllland other more complicated channels to illustrate the asymptotic 



detectability results in Section IV with finite observations. Finally we draw a few conclusions about this work in Section VII 



II. Motivating Example 

To motivate the maliciousness detectability model and results in later sections, let us first consider the simple binary-input 
addition channel shown in Fig. [T] in which two source nodes (Alice & Bob) communicate to one another through a relay node 
(Romeo) in discrete time instants. The source alphabets of Alice and Bob are both binary {0, 1}. The channel from Alice and 
Bob to Romeo is defined by the summation of the symbols transmitted by Alice and Bob. Romeo is supposed to broadcast 
his observed symbol, without modification, back to Alice and Bob. Both Alice and Bob observe the symbol transmitted by 
Romeo perfectly. Thus the input and output alphabets of Romeo and the observation alphabets of both Alice and Bob are all 
ternary {0, 1, 2}. Alice, for instance, can obtain Bob's source symbol by subtracting her own source symbol from the symbol 
transmitted by Romeo. 

Now consider the possibility that Romeo may not faithfully forward the symbol that he observes to Alice and Bob in an 
attempt to impede the communication between them. The main question that we are interested in is whether Alice and Bob 
are able to discern, from their respective observed symbols, if Romeo is acting maliciously by forwarding symbols that are 
different than those he has received. To proceed answering this question, let us first consider a single round of transmission, 
i.e., Alice and Bob transmit their source symbols to Romeo and then Romeo broadcasts a symbol (may be different than what 
he has received) back to Alice and Bob. Suppose that Alice sends a and receives a 2 back from Romeo. Then it will be 
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TABLE I: Possible outcomes of the system in Fig. 1 



Alice 


Bob 


Romeo 
In 


Romeo 
Out 


Detection Outcome 











Not malicious 











1 


Not detected 








2 


Alice & Bob both detect 











Bob detects 





1 


1 


1 


Not malicious 








2 


Alice detects 











Alice detects 


1 





1 


1 


Not malicious 








2 


Bob detects 











Alice & Bob both detect 


1 


1 


2 


1 


Not detected 








2 


Not malicious 



clear to her that Romeo must have modified what he has received. On the other hand, if Alice receives a 1 back, then she will 
not be able to tell whether Romeo has acted maliciously or not. One can continue this line of simple deduction to obtain all 
the possible outcomes in Table [I] It is clear from the table that neither Alice nor Bob will be able to determine if Romeo is 
malicious in general from a single round of transmission. 

However the situation changes if Alice and Bob know the source distributions of one another and are allowed to decide 
on the maliciousness of Romeo over multiple rounds of transmission. To further elaborate, suppose that the source symbols 
of Bob and Alice are i.i.d. Bernoulli random variables with parameter |. Then the probabilities of the events that Romeo's 
input symbol takes on the values 0, 1, and 2 are j, \, and j, respectively. In particular, out of many rounds of transmission 
one would expect half of the symbols transmitted by Romeo be l's. From Table [I] we see that for Romeo to be malicious 
and remained undetected by neither Alice nor Bob, he can only change a to a 1 and a 2 to a 1 in any single round of 
transmission. But if he does so often, the number of l's that he sends out will be more than half of the number of transmission 
rounds, as expected from normal operation. On the other hand, Romeo can fool one of Alice and Bob by changing a 1 to 
either a or 2. But he is not able to determine in each change whether Alice or Bob is fooled. Hence over many such changes 
the probability of not being detected become decreasingly small. In summary, Alice and Bob may individually deduce any 
maliciousness of Romeo by observing the distribution of Romeo's output symbol conditioned on their respective own input 
symbols. This capability is induced by the restrictions on what Romeo can do that are imposed by the characteristic of the 
addition channel depicted in Fig. [T] It is important to notice that Alice and Bob do not need to possess any shared secret that 
is not privy to Romeo. 

III. System Model 

A. Notation 

Let a be a lxra row vector and A be a mxn matrix. For i — 1,2, ... ,m and j — 1,2, ... ,n, ai and [a]i both denote the 
ith element of a, and Aij and [A],- j both denote the (i,j)th element of A. Whenever there is no ambiguity, we will employ 
the unbracketed notation for simplicity. Moreover, we write the ith row of A as Ai. Of course, [Ai]j = Aij. Let the transpose 
of A be denoted by A T . Then the jth column of A is (Aj) T . It is our convention that all column vectors are written as the 
transposes of row vectors. For instance, a is a row vector and a T is a column vector. The Li-norm of a is ||a||i = Y^iLi l a il> 
while the Euclidean norm of a is ||a||2 = Vaa T . The operation vec(A) vectorizes the matrix A by stacking its columns to 
form a mnxl column vector. We define ||A||i = ||vec(A)||i and ||A||2 = || vec(j4) || 2 ■ Note that ||A||2 is the Frobenius norm 
of A. The identity and zero matrices of any dimension are denoted by the generic symbols / and 0, respectively. 

Let X be a discrete random variable. We use \X\ to denote the size of the alphabet of X. Our convention is to use the 
corresponding lowercase letter to denote the elements in the alphabet of a random variable. For example, the alphabet of X 
is {xi,X2, ■ ■ ■ ,x\x\}- We denote the probability mass function (pmf) Pr(X — Xj) by p(xj). In addition, let X and Y be two 
discrete random variables. We denote the conditional pmf Pr(Y = yi\X = xj) by p(jji\Xj) for simplicity. Let x N denote a 
sequence of N symbols drawn from the alphabet of X. The counting function ir(xi;x N ) denotes the number of occurrences 
of Xi, the ith symbol in the alphabet of X as described above, in the sequence x . Let l n (xi;x N ) be the indicator function 
of the condition that the nth symbol in the sequence x N is x*. Then we clearly have 

N 

ir(x l ;x N ) = ^ l n{xi,x N ). 

n=l 

The counting function also trivially extends to give the number of occurrences of a tuple of symbols drawn from the 
corresponding tuple of alphabets of random variables. For example, if x N and y N are length- N sequences of symbols drawn 
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Fig. 2: Amplify-and-forward relaying model. 



from the alphabets of X and Y, respectively, then 

Tr(x l ,y j ;x N ,y N ) = ^ l n (x l ;x N )l n (y J ;y N ). 



N 



The set of typical X-sequences (e.g., Il26l Definition 6.1]) is denoted by 



1 [X],S 



\X\ 

: E 

i=l 



— Tr(x t ;x N ) -p{xi) 



< S 



Whenever there is no confusion, we write for instance w N (xi) and 1^ (xi) in place of n(xi; x ) and X n [xi\ x ), respectively, 
to simplify notation. Finally, let us define the symbol indexing maps Xn(x N ), n = 1, 2, . . . , N, by assigning the index value 
j to XnC^^) when the ?ith symbol in the sequence x N is ar_^, namely, the jth element in the alphabet of X. 



B. Channel model 

Consider the channel model shown in Fig. [2] This model serves as a generalization of the motivating example described 
in Section [j] Two nodes (1 and 2) simultaneously forward their source symbols to a relay node. The relay node is supposed 
to forward its received symbols back to the two nodes (or to some other nodes) in the amplify-and-forward manner. There is 
some possibility that the relay may modify its received symbols in an attempt to degrade the performance of the transmission. 
Our goal is to determine if and when it is possible for nodes 1 and 2 to detect any malicious act of the relay by observing 
the symbols broadcast from the relay in relation to the symbols that they individually transmitted. Note that the above model 
also covers the perhaps more common scenario in which only one node has information to send while the transmission by the 
other node is regarded as intentional interference. 

More specifically, let X\ and X2 be two independent discrete random variables that specify the generic distributions of 
the symbols transmitted by nodes 1 and 2, respectively. At time instants 1,2, ... ,N, nodes 1 and 2 transmit i.i.d. symbols 
respectively distributed according to X\ and X 2 - The transmission goes through a memoryless multiple-access channel (MAC) 
with the random variable U describing its generic output symbol. The MAC is specified by the conditional pmf p(uk\xi t i, X2,j). 
The relay node, during time instants 1, 2, . . . , N, observes the output symbols of the MAC, processes (or manipulates) them, 
and then broadcasts the processed symbols out to nodes 1 and 2 at time instants N + 1, N + 2, . . . , 2N via a memoryless 
broadcast channel (BC) with the random variables V describing its generic input symbol and Yj and Y2 describing the generic 
output symbols at nodes 1 and 2, respectively. The BC is specified by the conditional pmf p{y\ i, yi j \vk)- In addition, because 
the relay is supposed to work in the amplify-and-forward manner, we adopt the reasonable model that the alphabets of U 
and V are of the same size, and there is a one-to-one correspondence u, « tij, j = 1,2,.,., \U\, between elements of the 
alphabets. 



5 



Let u denote the sequence of N output symbols of the MAC observed by the relay during time instants 1,2,..., JV, and 
denote the sequence of N input symbols of the BC transmitted by the relay during time instants N + 1, N + 2, . . . , 27V. 
Then the mapping v N — cf> (w ) represents the manipulation performed by the relay. The manipulation map cj) N is allowed 
to be arbitrary, deterministic or random, and known to neither node 1 nor 2. The only restriction we impose is the Markovity 
condition that p(v N \u N , x±, x£) = p(v N \u N ), where x 1 ^ and x% denote the symbol sequences transmitted by nodes 1 and 
2, respectively, during time instants 1, 2, . . . , N. That is, the relay may potentially manipulate the transmission based only on 
the output symbols of the MAC that it observes. 



C. Maliciousness of relay 

Consider the \U\ x \U\ matrix $ N whose (i, j)th element is defined by 

N ^ Tr N (vi,Uj) 

It is obvious that & N is a stochastic matrix describing a valid conditional pmf of a fictitious channel, which we will refer 
to as the attack channel. Despite omitted from its notation, the attack channel Q N depends on the sequences u N and v N . 
Rather than directly acting on the MAC output symbols to produce input symbols for the BC, the attack channel Q N extracts 
the statistical properties of the manipulation map <fi N that are relevant to our purpose of defining (and later detecting) the 
maliciousness of the action of the relay: 

Definition 1. (Maliciousness) The relay is said to be non-malicious if\\$ N — I\\\ — > in probability as N approaches infinity. 
Otherwise, the relay is considered malicious. 

In the strictest sense, normal amplify-and-forward relay operation should require Q N = I for all u N and v N and for each N. 
Nevertheless it turns out to be beneficial to consider the relaxation in Definition [T] when the primary focus is to check whether 
the relay is degrading the channel rather than attacking a specific part of the transmission. In particular, the probabilistic and 
limiting relaxation in Definition [T] allows us to obtain definite results (see Section IV I for the very general class of potential 



manipulation maps described above by tolerating actions, such as manipulating only a negligible fraction of symbols, that have 
essentially no effect on the information rate across the relay. We point out that it is possible to develop similar results based 
on the above-mentioned strictest sense of maliciousness for some more restricted classes of manipulation maps (see 1251 for 
instance). 



D. Maliciousness detection 

Due to symmetry, it suffices to focus on node l's attempt to detect whether the relay is acting maliciously or not. To that 
end, we are particularly interested in the "marginalized" MAC pmf p(iii\xi t j) and marginal BC pmf p(yn\vj). For better 
bookkeeping, we will write the two conditional pmfs in terms of the \U\ x |Xi| matrix A and |YjJ x \U\ matrix B whose 
elements are respectively defined by 

Aij = p{ui\xij) 
B i,j = p{Vi,i\ v j)- 

To complete the bookkeeping process, we define the |Yi| x |Xi| matrix T N as 

pJV A B ^N A ^ (2) 

which can be interpreted as the conditional pmf of the node l's observation if the relay were to act in an i.i.d. manner described 
by the attack channel $ w . 

We assume that node 1 knows A and B. We will refer to the pair (A, B) as the observation channel for node 1, which may 
use knowledge about the observation channel to detect any maliciousness of the relay. Justifications for this assumption can 
be made based on applying knowledge of the physical MAC and BC in a game-theoretic argument similar to the one given in 
ll23l . Before data communication between the nodes and relay takes place, they must agree on a relaying protocol. During the 
negotiation process of such protocol, the relay needs to either reveal A and B to the nodes, or provide assistant to the nodes to 
learn A and B. If the relay provides false information about A and B corresponding to a more favorable channel environment 
than the actual one, the nodes may use the knowledge of the physical channel to check against the false information. On the 
other hand, it would also not be beneficial for the relay to misinform the nodes with a less favorable channel environment, 
since in such case the nodes may simply decide not to use the relay. 

We may also assume that A contains no all-zero rows and that p(xi,j) > for all x\j in the alphabet of X\. If these 
assumptions do not hold, we can reinforce them by removing symbols from the alphabets of X\ and U and deleting the 
corresponding rows and columns from A, without affecting the system model. In addition, note that relabeling of elements 
in the alphabets of X% and Y\ amounts to permuting the columns of A and rows of B, respectively. Relabelling of elements 
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in the alphabet of U, and hence the corresponding elements in the alphabet of V, requires simultaneous permutation of the 
rows of A and columns of B. It is obvious that all these relabellings, and hence the corresponding permutations of rows and 
columns of A and B, do not change the underlying system model. Therefore we will implicitly assume any such convenient 
permutations in the rest of the paper. 

As mentioned before, detection of maliciousness of the relay is to be done during normal data transmission. That is, the 
detection is based upon the symbols that node 1 transmits at time instants 1,2, ... ,N (i.e., x 1 ^) and the corresponding symbols 
that node 1 receives at time instant N + 1, N + 2, . . . , 2N (i.e., y^). We refer to each pair of such corresponding transmit and 
receive symbols (e.g., the ones at time instants 1 and N + 1) as a single observation made by node 1. Node 1 is free however 
to use its N observations to detect maliciousness of the relay. For instance, we may employ the following estimator of $> N to 
construct a decision statistic for maliciousness detection. First node 1 obtains the conditional histogram estimator T N of T N 
defined by its (i, j)th element: 

_ 

r (*i,i) 



i,j _ m i \ ■ v 3 ' 



Then it constructs the estimator $ from T according to: 

{argmax ||$ — I\\i if G^(T N ) is non-empty, 
*eG M (f«) ' " (4) 

/ otherwise. 

In [i is a small positive constant and G M (f ) is the set of \U\ x \U\ stochastic matrices, for each of which (say denoted by 
$), there exists a |Yi| x \U\ stochastic matrix f such that ||II B (f - f )IIa||i < A* and B&A = IT B fTU, where Ha and U B 
denote the orthogonal projectors onto the row space of A and column space of B, respectively. We will employ the estimator 
& N specified in (|4ji to obtain the detectability results in the following sections. 

IV. Maliciousness Detectability 

To describe the main results of this paper, we first need to introduce the following notions of normalized, balanced, and 
polarized vectors: 

Definition 2. (Normalized vector) A non-zero vector uj is said to be normalized if \\lu\\i = 1. 
Definition 3. (Balanced vector) A vector uj is said to be balanced if ^ uii = 0. 

Definition 4. (Polarized vectors) For b > and < e < b, a vector uj is said to be (b, e)-polarized at j if 

r J 00 ) f or i = J 
[(-oo,e] fori^j. 

Further uj is said to be (b, e)-double polarized at (j, k) if 

[b, oo) for i = j 

uii G ^ (— oo, —b] for i = k 

[-e, e] for i ^ j, k. 



A. Main result 

The main result of this paper is that detectability of maliciousness of the relay is characterized by the following categorization 
of observation channels: 

Definition 5. (Manipulable observation channel) The observation channel (A,B) is manipulable if there exists a \U\x \U\ 
non-zero matrix T, whose jth column, for each j = 1, 2, . . . , \U\, is balanced and (0, 0)-polarized at j, with the property that 
all columns of TA are in the right null space of B. Otherwise, (A, B) is said to be non-manipulable. 

Let D N = D N (y^ ,x^) denote a decision statistic based on the first observations (y^,x^) that is employed for 
maliciousness detection. The following theorem states that maliciousness detectability is equivalent to non-manipulablility of 
the observation channel: 

Theorem 1. (Maliciousness detectability) When and only when the observation channel (A, B) is non-manipulable, there 
exists a sequence of decision statistics {D N } with the following properties (assuming S > below): 
1) //limsup^^Prdl^ -I\\ 1 >8)> 0, then 



limsupPr (D N > S 



$ N -Ih >S) = 1 
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2) //liminf^oo Prdl^ - J||i < 8) > 0, then 

lim Pr ( D N > cS \\$ N - I\U < S] = 

for some positive constant c that depends only on A and B. 

The theorem verifies the previous claim that the attack channel § N provides us the required statistical characterization 
for distinguishing between malicious and non-malicious amplify-and-forward relay. In addition, as shown in the proof of the 



theorem to be provided later in Section VI-C this distinguishability is (asymptotically) observable through the decision statistic 
|| $ w — /Hi, where <t N is the estimator of Q N described in (Q, for non-manipulable channels. The requirement of (A, B) 
being non-manipulable is not over-restrictive and is satisfied in many practical scenarios. 

Theorem [T] can further be employed to characterize detectability of maliciousness of the relay in the context of Definition [T] 

Corollary 1. Given that (A,B) is non-manipulable, the sequence of decision statistics {D N } in Theorem^also satisfies the 
following properties: 

1) If the relay is not malicious (i.e., ^ N — — > in probability), then 

lim Vt{D n > 5) = 

N-¥oo 

for any S > 0. 

2) If the relay is malicious (i.e., ||$ — /||i does not converge to in probability), then 

limsupPr^ > 5) > limsupPrdl^ - I||i > 5) 

N—>-oo JV-i-co 

for any S > 0. 

3) If the relay is malicious and there is a subsequence {<& Nm } of attack channels satisfying \\<£> Nm — $||j — > in probability 
for some stochastic $ 7^ I, then there exists S > such that lim sup jy^^ Pr(|| (E"^ — /||i > 5) = 1, and for every such 
6, 

limsupPr(D iV > 5) = 1. 

N—>-oo 

4) the relay is malicious with \\$> N — $11 1 — > in probability for some stochastic $ ^ J, then there exists 6 > such 
that limjv^oo Pr(||$ — J||i > 8) = 1, and for every such 5, 

lim Pr(D N >8) = 1. 

Note that Properties 1 and 2 of the corollary together state that D N — > in probability when and only when the relay in 
not malicious. Properties 3 and 4 provide progressively stronger maliciousness detection differentiation when more restrictions 
are placed on the attack channel $ Ar . 

B. Checking for non-manipulability 

The manipulability of the observation channel (^4, B) can be checked by solving a linear program as shown below: 

Algorithm 1. (Non-manipulable?) 

1) Let SI, v, and X be a \X\ \ x |Yi| matrix-valued variable and two 1 x \ U\ vector-valued variables, respectively. 

2) Solve the following linear program: 

\u\ 

min y~] \ k - v k - [AQ.B] kik 

k=\ 

subject to 
1 - A fe < 

v k + [AClB] ktk -X k <0 
v k + [ASlB] kt i < 

3) If the optimal value in |2j is 0, then conclude that (A,B) is non-manipulable. Otherwise (i.e., the optimal value is 
positive), conclude that (A, B) is manipulable. 

For cases where the right null space of B is trivial, checking manipulability of (A, B) is made simple by Theorem [2] below. 
For notation clarity in expressing the theorem, let us define the following constants that depend only on A: 

A m in = min ^ 

3 

A ■ 



k = 


1,2,. 




k = 


1,2,. 


■,\u\, 


k^l = 


1,2,. 


.,\u\. 
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Note that both A m - ln and a m i n are positive since A does not contain any all-zero row. 

Theorem 2. Suppose that the right null space of B is trivial. Then {A, B) is non-manipulable if and only if the left null space 
of A does not contain any normalized, (a m ; n ,0) -double polarized vectors. 

We remark that the condition of non-existence of normalized, (a m ; n , 0)-double polarized vectors in the left null space of A 
is relatively easy to check by for instance employing the following algorithm: 

Algorithm 2. (Double polarized vector in left null space?) Let n = \U\ — rank(A). The following steps can be employed to 
check whether the left null space of A contains any normalized, (a m i n ,0)-double polarized vectors: 

1) If n — 0, then the left null space of A must not contain any normalized, (a mln ,0)-double polarized vector. 

2) If n = \U\ — 1, then the left null space of A must contain a normalized, (a m ; n , 0)-double polarized vector. 

3) Ifl<n<\U\ - 2: 

a) Find a nx\U\ matrix T whose rows form a basis for the left null space of A. 

b) Perform elementary row operations, permuting columns if necessary, to make T into the row-reduced echelon form 
T = (I T), where T is a nx (jU\ — n) block. 

c) For each i = 1,2, . . . , n, if all elements of Tj, except for a single negative element, are zero, then go to pj/[). 

d) For each i,j £ {1, 2, . . . , n} and i ^ j, if Yj = cTj for some c > 0, then go to 

e) Conclude that the left null space of A does not contain any normalized, (a m i n ,0)-double polarized vector, and 
terminate. 

f) Conclude that the left null space of A contains a normalized, (a m i n ,0)-double polarized vector. 

Practically speaking, the triviality of the right null space of B guarantees that the pmf of V can be unambiguously obtained 
by node 1 from observing Y\. This requirement is reasonable if node 1 is expected to be able to observe the behavior of the 
relay, and is often satisfied in practical scenarios. The requirement of the left null space of A not containing any normalized 
double-polarized vector is not over-restrictive, and can be satisfied in many cases by adjusting the source distribution of node 2. 



V. Numerical Examples 

A. Motivating example 

To illustrate the use of Theorem[T] let us first reconsider the motivating example in Section|lI] In the notation of Section [TH-B| 
Xi and X 2 have the same binary alphabet {0, 1}, and the MAC is the binary erasure MAC described by U — X\ + X 2 . That 
is, the alphabets of U and V are both {0, 1, 2}. The BC is ideal defined by Y\ = V and Y 2 = V. In addition, we assume 
the usual equally likely source distributions, i.e., X\ and X 2 are i.i.d. equally likely binary random variables. Physically, this 
model approximates the scenario in which two equal-distance Ethernet nodes send signals (collision) to a bridge node, or the 
scenario in which two power-controlled wireless nodes send phase synchronized signals (collision) to an access point. In both 
scenarios, the signal-to-noise ratio is assumed to be high. 

It is easy to check that in this case 

1=1 - r > /> I and B=I 3k3 . 




Hence A m [ n = |, a m ; n = i, and 6 m j n = j^. Note that the left null space of A has dimension 1, and the row-reduced echelon 
basis matrix in Algorithm [2] is (1 — 1 1). Thus Algorithm [2] gives the fact that the left null space of A does not contain 
any normalized, (a m j n , 0)-double polarized vector. By Theorem [T] and its proof in Section VI we know that the sequence of 



decision statistics { 1 1 <J> ^ — where $> N is described in satisfies properties 1) and 2) stated in Theorem [T] Thus any 

malicious relay manipulation is detectable asymptotically. 

1) I.i.d. attacks: To demonstrate the asymptotic maliciousness detection performance promised by Theorem [T] and to 
investigate the performance with finite observations, we performed simulations for four different manipulation maps which 
correspond to the relay randomly and independently switching its input symbol by symbol according to the conditional pmfs 
p(vj\ui) specified by the matrices 

$i = 4x3, $2 
.99 .005 

$ 3 = | .01 .99 .01 | , and $ 4 = | -01 1 .01 | . (5) 

.005 .99, 

Obviously the case of $i corresponds to a non-malicious relay and the other cases correspond to a malicious relay. The 
particular malicious <i>'s were chosen to represent different ways a relay node may choose to attack. For the case of $2, the 
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(d) non-ergodic attacks, TV = 10 5 



Fig. 3: Plot of empirical cdfs of 1)$^ — I\\i obtained in the motivating example with the four relay manipulation maps 
corresponding to $i = /, <E>2, ^3, and $4 respectively. 



relay node changes 1% of the symbols received without regards to whether or not this will make the manipulation obvious to 
the source nodes. In contrast, the attack of $3 is more reserved in what it will do. It can be seen that the relay's manipulation 
can only be instantly detected by one of the source nodes at any given transmitted value. That is, the relay the relay switches 
1% of the received symbols in ways listed out in Table. [I] except those labeled with "Alice & Bob both detect." Finally the 
attack of $4 is the most cautious and will only take an action that neither source node can recognize as manipulation without 
looking at multiple observations. For this case, the relay switches 2% of the received symbols with values or 2 to 1. This 
corresponds to the "Not detected" outcomes in Table [i] Note that \\$> N — — > in probability as TV — > 00 in each case. 
Hence property 1) of Corollary [T] applies for the case of $1 and property 4) applies for the cases of $2, $3, and $4. 

In different simulation runs, we set TV = 10 3 , 10 4 , and 10 5 . Five thousand trials were run in each simulation. The empirical 
cumulative distribution functions (cdfs) of 1)$^ — I\\i obtained from the 5000 trials for each simulation are plotted in Figs. 



3a 



3b and 3c for the cases of N = 10 , 10 , and 10 , respectively. For these three cases, the values of /1 chosen in defining the 
estimator $> N are 0.2, 0.1, and 0.05, respectively. From Figs. 3b and 3c respectively with V = 10 4 and V = 10 5 , as predicted 



by parts 1) and 4) of Corollary [l] the decision statistic 1)$^ — succeeds in differentiating between the non-malicious case 
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(a) (A, B) non-manipulable (b) (A, B) manipulable 

Fig. 4: Plot of empirical cdfs of \\& N — for various i.i.d. attacks considered in Sections V-B and V-C 



of $i and the malicious cases of $2, and $4 with very high confidence. For instance, by selecting the decision threshold 
at 8 = 0.065 and 8 — 0.004 respectively for the cases of N = 10 4 and N = 10 5 , we are able to obtain very small miss 

10 3 , 
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that there is 



and false alarm probabilities for detecting maliciousness of the relay. For N = 10 , we can see from Fig. 
still differentiation between the empirical cdfs obtained for the non-malicious and malicious cases. However the maliciousness 
differentiation confidence achieved is much weaker than the detectors with the larger value of N. This simulation exercise 
illustrates the fact that the decision statistic based on the maximum-norm estimator of Q, while is convenient for proving the 
asymptotic distinguishability result in Theorem [T[ may not be a suitable choice for constructing a practical detector when the 
number of observations, N, is not large. Other more efficient finite-observation detectors may be needed. 

2) Non-ergodic attacks: To demonstrate part 2) of Corollary [T] with non-i.i.d attacks, we simulated a few non-ergodic 
attacks and considered again the decision statistic 11$^ — J||i. In these non-ergodic attacks, the relay decides whether or not 
to manipulate the symbols depending on if the checksum of all observed symbols is even or not. Conditioning on an even 
checksum, the relay manipulates the symbols i.i.d. according to $2, $3, and $4 as described in |5]). Note that the for these 
attacks, liniA,^ Prfll^ -I\\ 1 >5) = 0.5 for all 5 > 0. 

The results for this simulation with N = 10 5 and /1 = 0.01 are plotted in Fig. 



3d 



From the figure, the first important note is 
that the empirical cdfs of the decision statistic exhibit staircase shapes with a step at 0.5 as predicted by part 2) of Corollary [TJ 
When the relay is being malicious, it is clear that by choosing 8 — 0.07, we can again obtain small miss and false alarm 
probabilities for detecting maliciousness of the relay. 



B. Higher order example 

Let us consider the addition channel as shown in Fig. [T] with both Alice and Bob choosing their source symbols uniformly 
over the ternary alphabet {0, 1, 2} instead. Hence the input and output alphabets of Romeo is {0, 1, 2, 3, 4} in this case. It is 
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easy to verify that the corresponding A matrix is given as in Q on the next page. Furthermore, suppose that BC from Romeo 
back to Alice and Bob is not ideal. In particular, let us model the marginal BC from Romeo back to Alice by the matrix B 
given in Q. Notice that this B has a non-trivial right null space. 

First we need to determine if the pair (A, B) is non-manipulable. To do this, we used the Algorithm [T] presented in 
Section IV-B In particular, we employed the linear programming solver linprog in the optimization toolbox in MATLAB 
to solve the linear program in step [2] of Algorithm [T] The optimal value returned was of the order of 10~ 16 , which is close 
enough to for us to decide (A, B) as non-manipulable. Thus again Theorem [T] and Corollary [T] apply to give that the decision 
statistic 11$^ — I\\i provides maliciousness detectability for this channel. 

As in Section V-Al we simulated i.i.d. attacks by Romeo. The four different <&'s shown in (|6]l were the cases that we 
considered in the simulation study. The attack of $1 corresponds to the case in which Romeo truthfully forwards the received 
symbols. For the attacks of $2, and $4, Romeo alters 1% of the symbols that it receives. Each of these three cases was 
once again chosen for a particular level of maliciousness as in Section [V-A1| The case of $2 corresponds to an attack in which 
Romeo returns values that he knows will instantly guarantee detection. The attack of $ 3 only sends back values for which it 
is possible to not be instantly detected. Finally $4 corresponds to the case in which Romeo is the most cautious, and will not 
send back any symbol which is instantly detectable. 



4a 



for the simulation run with 



The empirical cdfs of \\$ N — obtained for the four different <3>i's are plotted in Fig. 
N = 10 5 and p = 0.05. As before, by choosing a decision threshold at 8 = 0.07 we can obtain very small miss and false 
alarm probabilities for detecting maliciousness of Romeo. 



C. Counter-example 

To demonstrate the consequence of having a manipulable observation channel (A, B), reconsider the ternary-input example 



of Section V-B with the marginal BC from Romeo back to Alice specified by the following matrix 



B = 
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To check whether (A, B) is manipulable, Algorithm [T] was again employed. The optimal value of the linear program in step [2] 
obtained was 3, thus alerting us that (A,B) is manipulable. Indeed it can be readily check that for any tp G (0, 1], the matrix 
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is one that satisfies BTA = required in Definition [5] to make (A, B) manipulable. Therefore Theorem [T] tells us that 
maliciousness det ectabili ty is imp ossible for this channel. 

T was simulated for N — 10 5 and p = 0.05. The value 



As in Sections V-Al and V-B 



an i.i.d. attack with $2 = I 

of "4> = 1 was chosen in the simulation. This choice corresponds to an average of | of the symbols are changed by Romeo. 
Clearly having this many symbols changed would be catastrophic in most practical communication systems, and is therefore 
undesirable. The empirical cdfs of the non-malicious case and the malicious case of $2 obtained from the simulation are plotted 



in Fig. 4b It is clear from the figure that the cases for which Romeo is being malicious and not malicious are indistinguishable. 
Hence the severe attack of $2 can not be detected. 



VI. Proofs of Detectability Results 



In order to prove the various results in Section IV we will need to extend the notion of polarization of vectors given in 
Definition [4] to matrices: 

Definition 6. (Polarized matrices) Let 1 < n < \U\. For b > and < e < b, we say that a nx\U\ matrix T is (b, e)-polarized 

[6,00) forj = i 
(-00, e] M j ^ i- 



If, in addition, j — for all i, j — 1,2, ... ,n and i ^ j, we say that T is (b, e)-diagonal polarized. 

Moreover, by saying a normalized T is in the left null space of A, we mean all rows of T are normalized vectors in the 
left null space of A. 
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In addition to the notion of polarized vectors and matrices, we will also employ the following generalization of linear 
dependence: 

Definition 7. (e s -dependent) A vector uj is e s -dependent (e s > 0) upon a set of vectors Ti, T2, . . . , Y„ of the same dimension 
if there exists a set of coefficients c±,C2, ■ ■ ■ ,c n such that 



E C * T '< 



(=1 



< e s 

1 



With these definitions in place, we will first establish a few important and interesting properties of polarized vectors and 
matrices in the left and right null spaces of A and B, respectively. In addition, we will show that the condition of the observation 
channel (A, B) being non-manipulable is sufficient in guaranteeing the validity of these properties. Then we will apply some 
of these properties to bound the distance between an estimate of the attack channel and the true attack channel. The distance 
bound is employed to show that a decision statistic constructed from an attack channel estimator based on histogram estimation 
of node l's conditional pmf of its received symbols given its transmitted symbols provides the needed convergence properties 
in Theorem [T] The aforementioned properties of polarized vectors in the left null space of A will also be used to prove 
Algorithm |2]and Theorem [2] 

A. Properties concerning polarized vectors and matrices in null spaces of A and B 

Let us first study the left null space of A. The following simple lemma about normalized vectors in the left null space of 
A is critical to many other results in this section: 

Lemma 1. Suppose that v is a non-zero normalized lx|£7| vector in the left null space of A. Then v must contain at least 
one positive element and one negative element, and 

max Vi > a min 

i:Vi>0 

min v t < -a min . 

i:Vi<0 

Proof: Write a = maXi :Vi> o for convenience, and note that a = by definition if v contains no positive element. Since 
v is normalized, we have 

E W = 1 - E \v<\>l -a\U\. (7) 
Because v is in the left null space of A, ViAij — for all j. That implies 

E ViAij = - E v i A i,3 = E \ Vi \ Ai >3- ( 8 ) 

i:vi>0 £:i>j<0 i:-Uj<0 

But, because < A.- L ,j < 1, we can make the following inequality 

E V ^ A ij - E U * - a \ U \- 
i'.Vi >0 i:Vi >0 

Substituting ([S} back in, we get 

a\U\> E N A M 

i-.Vi<0 

which must hold for all j. Therefore, 

a|C/||^l|>E E N A M^ E M^nin 
j i:Vi<0 i:Vi<0 

which causes a contradiction when a = since A m i„ > 0. Hence, a must not be 0, and v must have at least one positive 
element. Further, by |7}, 

a|tf||*i|>4nta(l-a|tf|) 

which gives the desired lower bound on a. The proof of existence of a negative element and the fact that the minimum negative 
element must be no larger than — a m ; n is similar. ■ 
An immediate, but important later in proving Theorem [5] consequence of the lemma is the following observation: 

Lemma 2. Let < e < a m j n . Suppose that uj is a normalized vector in the left null space of A that is not (a m i n , e)-polarized 
at i. Then there exists a j 7^ i such that UJj > e. 

Proof: Since lu is normalized, uik > 0Wn for some k by Lemma [T] If k ^ i, then we have the stated conclusion. Now 
suppose k = i. If ojj < e for all j 7^ i, then we obtain the contradictory conclusion that uj is (a m i n , e) -polarized at i, ■ 
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Lemma [T] also implies the following two lemmas about normalized, diagonal polarized matrices in the left null space of A: 
Lemma 3. Let a ni i n < a < 1 and 2 < n < |J7|. Let < e s < a m i n , anc/ e anc/ e„_i be two positive constants. Define 

' e + £ > +(n-l) e + C "- 1+£ ' + C ' e "- 1 . (9) 



^min ^(^min ^s) 

Suppose that e s , e, and e„_i are chosen small enough to satisfy e' n < a mm . Furthermore, suppose that the left null space of A 
contains a normalized, (a, e n —i)-diagonal polarized, (n— l)x\U\ matrix and a normalized, lx|?7| vector that is (a, e)-polarized 
at n, and is e s -dependent on the rows of the matrix. Then the left null space of A also contains a normalized, lx|U| vector 
that is (a m i n , e')-double polarized at (m, n) for all e' n < e' < a m j n , where m < n. 

Proof: Fix e' 6 Ku a min)- Let T and v be the (a, e„_i)-diagonal polarized matrix and the (a, e)-polarized vector, 
respectively, given in the statement of the lemma. We will show that one row of T must be (a m i n , e')-double polarized at 
(m,n), where m < n. 

First, since v is e s -dependent upon the rows in T, we know that there exists a set of coefficients c%, c%, . . . , c n _i such that 
for any j = 1,2, . . . ,\U\, 

n-l 

Vj - e s < X (kTij < Vj + e s . (10) 

i=i 

In particular, for i = 1, 2, . . . , n — 1, we have Vi — e s < CjY^j < Vi + e s . Using the facts that Ta > a and that — 1 < vi < e, 
we can determine that 

< Ci < . (11) 

a a 

From Lemma [T] we know that there exists an index m such that v m < — a m - m . To proceed, we want to show that m < n, 
which we will do through contradiction. Obviously m ^ n. Suppose m > n and consider ( 10 1 with j = m. Separating the 
terms with positive and negative Cj's in the summation and using the upper bound in ( fT0] >, we have 

i-.Ci<0 i:c;>0 

> a m in - e. 5 - (n - 1) £ (12) 



where the second inequality is obtained by using the upper bound on a in (11 1. But because m > n, we have Tj, m < e„_i. 
Then by using the lower bound on Cj in ((lib, we get 5Zi- c <o l *!^ i,m < ( n — l^n-i^f^- Thus we arrive at the conclusion 
that 

(n - l)e„_i > a min - e s - [n- lj- 



a a 

which clearly violates the condition < a min in the statement of the lemma. Therefore m < n. Furthermore we have 

c m T mjTO <v m + e s < -a min + e s < 0, which implies c m < and \c m \ > a min - e s . 
Similar to ( [12) , we have, for j > n, 

i-.Ci<0 i:Ci>0 

>-e-e.-(n-l)^±^ (13) 
a 

where the second inequality is due to the fact that Vj < e. Further separating the terms with positive and negative T^j in the 
sum on the left side of ( |13) , for j > n, we have 

i:c i <0,T i ,j<0 

< e + e s + (n-l) 6 -^+ ^ l c «l T *J 

i:Ci<0,T i-:j >0 

< e + e s + (n-l) (14) 

a 

where the second inequality results from the bound Yli- C <o t >o l c il"^ij ^ ( n ~ ^)£n-i^-^, as shown above. Because 
c m < 0, we know from |l4| ) that if T TOJ < 0, then |c m ||T mj -| < e + e s + (n — 1) £+e "- 1 +^+ e3e "- 1 _ Further, by the above 
derived result that \c m \ > a min — e s , we get 

l T mjl < — + (" - 1) r — ^ = e„ 

^min ^^min 

if T m ^ < 0. Therefore, |T mj | < e' for all j > n. 



14 



Combining all above results, we observe that T m m > a, |T m j\ < e' < a m i n for j > n, and T m j = for all other index 
values of j except n. From Lemma [I] we must have T m „ < — a m i n . Thus T TO is (a m j n , e')-double polarized at (m,n). ■ 

Lemma 4. Lef a m i n < a < 1 one/ 2 < ra < |J7|. Let < e s < a m i n , one/ e one/ e„_i fee fwo positive constants. Define 

II e n-l , 1 



e + (n — 1) 



(15) 



Suppose that e and e n _i are chosen small enough to satisfy e" < a m i n . Furthermore, suppose that the left null space of A 
contains a normalized, (a, t n _i)-diagonal polarized, (n— l)x\U\ matrix and a normalized, lx|/7| vector that is (a, e)-polarized 
at n, and is not e s -dependent on the rows of the matrix. Then the left null space of A contains a normalized, (a m i n , e")-diagonal 
polarized, nx \ U\ matrix, for all e" < e" < a m i n . 

Proof: Fix e" 6 [e",a m j n ). Let T and v be the (a, e„_i)-diagonal polarized matrix and the (a, e)-polarized vector, 
respectively, given in the statement of the lemma. We will first construct a normalized, lx \U\ vector v that is (a m i n ,e")- 
polarized at n with the additional property that Vj = for all j = 1, 2, . . . ,n — 1. Then we apply elementary row operations 
and normalization to the rows of [T T v T ] T to obtain the desired normalized, nx \U\, (a m j n , e")-diagonal polarized matrix. 
First, set 

n-l 

Vi 



T 

2—1 

Because v is not e s -dependent upon the rows of T, we must have ||£i||i > e s . Hence we can normalize v to obtain v, i.e., 
v = v/\\v\\i. Clearly, for j < n, Vj = Vj — y^Tjj = 0, which implies Vj = 0. For j > n, write 

But since > a and Vj < e for j > n, we have 

i:vi >0 ' zri^i >0 

i:Vi<0 



Applying these two bounds to ( 16 1, we get, for j > n, 

Vj < e + (n — 1) . 

which implies 



1 

Vi < — 



e+ (n— 1) 



Further, note that j) is a normalized vector in the left null space of A. Hence by Lemma [T] and the fact that e[[ < a min , 
v n > amin- Therefore v is (a m i n , e)-polarized at n with the additional property that Vj — for j < n as claimed. 
Next, for i = 1, 2, . . . , n — 1, set 

T 

! = T j — w. 

Clearly, T l n = and Tjj = T^j for j < n by design. Thus ||Tj||i > a. Again, we can normalize Tj to get T,; = Ti/||Tj||i. 
Now, consider j > n, 

Ti n ~ max{e„„i,ej e 
T — T ■ — f; < f 1-1 L ' L — f , 1 

± i.y — 1,3 - 3 — r n— 1 ~ c n — 1 



nun 



where the second inequality is due to —1 < T l n < e n _i, —1 < < e, and v n > a m j n , and the last equality results from the 
fact that |J7|e s < 1. Hence 



f ■ < £ra ~ 1 -| — = e " 

%,J — ' t n- 



As discussed before, T.y = for all i = 1,2, ...,n — 1 and j ^ i < n. Hence, again using Lemma [T| we must have 
> a m j n since e" < a m ; n . Finally, set T n = u. The matrix T composed by using Ti, T2, . . . , T n as rows is the desired 
(imin i e ") -diagonal polarized matrix. ■ 
To apply Lemmas [3] and |4] we need to the following lemma to select e„ : 
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Lemma 5. Let e s and e be two positive constants. Suppose that 2 < n < \U\. Define a n _i = a min ^1 + ^— 

i— 1 

/or i=l,2,...,n. If 



Set 



<? 2 / 2 

e s <• a min"n— 1 1 a min 



t*mm**n— 1 



7,2 



+ (n-l)(l + 

&min) 2 ^min^n— 1 



(17) 



awa" e < a,. 



"mm [ a "~ 2 lt3 ) ' thm 

1) ei < e 2 < ■ ■ ■ < e„ < a min , 

2) e- < a min , i = 2,3, 

3) e" < e ir i = 2,3,...,n, 



where e£ ana! e" are obtained from ej_i WSj'ng the formulas given in (|9f ana" (75) w/f/i a > a m ; n , respectively. 



Proof: Part 1) is obvious from the construction. From (|9| and 1), we have e' 2 < eg < . . . < e' n . Thus it suffices to show 
e' n < a min when establishing 2). Indeed, note that t n -\ < amin °"- 1 £s; which together with (j9j imply 



el < 



1 



n-1 



+ (n-l)(l + e s ) 



l n-l c s 



< 



1 + 



Q-niin^n— 1 



+ (n- 1)(1 + a min )- 



n-l 



^ ^min 

where the last two inequalities result from the upper bound imposed on e s in the statement of the lemma. 

. ,n, 

2e i _i 



Finally, it is easy to see from ( 15 i that, for i = 2, 3, . 

1 



< 



-l£ s 



e) < 



where the second inequality is due to 1). ■ 

Inductively applying Lemmas [3] and [4] with the choice of e„ from Lemma [5] we obtain the following theorem: 

Theorem 3. Let 2 < n < \U\. Suppose that e s , e, and e±, . . . ,e n are chosen according to Lemma^ and that the left null 
space of A contains a normalized, (a m i n , e) -polarized, n X \U\ matrix. Then the left null space contains either a normalized, 
(flWnj e'i)-double polarized, 1 x \U\ vector for some i = 2, 3, . . . , n, or a normalized, (a mm , e n )-diagonal polarized, n x \U\ 
matrix. In the latter case, no row in the original (a m ; n , e)-polarized matrix can be e s -dependent upon the other rows. 

Proof: Let T be the original (a m i n , e)-polarized matrix in the left null space of A given in the statement of the theorem. 
We will construct the desired (a m ; n , eJ)-double polarized vector or (a m ; n , e„)-diagonal polarized matrix by inductively applying 
Lemmas [3] and [4] to the rows of T. 

First, set T^ 1 ' to be the first row of T. The assumption of the theorem guarantees that T^ 1 ' satisfies that requirement of 
being a normalized, (a mm , ei)-diagonal polarized, lx|f7| matrix in the left null space of A. Inductively, suppose that we have 
constructed, from the first (i — 1) rows of T, the (i — l)x \U\ normalized matrix T^ -1 ) that is (a m im € i~i) -diagonal polarized 
and in the left null space of A. If the ith row of T is e s -dependent on the rows of T^ -1 ) (i.e., the first (z — 1) rows of T), then 
by Lemmas [3] and [5] there exists a normalized, (a m i n , e'A -double polarized (at (m,i) with m < i), lx \U\ vector in the left 
null space of A. In this case, the induction process terminates. On the other hand, if the ith row of T is not e s -dependent on 
the rows of T'- 1-1 -', then Lemmas [4] and [5] together give an normalized ix \ U\ matrix that is (a m j n , e^) -diagonal polarized 
and in the left null space of A. Also note that the rows of are in the span of the first i rows of T. The induction process 
continues until i = n. ■ 

Theorem [3] leads to the following result that is critical to development in the next section: 
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Corollary 2. Fix 2 < n < \U\, a positive e s satisfying (17), and ( a . n ™' e " £ ^ a — - < e' < a min . Let the left null space of A 
contain no normalized (a m i n , e')-double polarized, lx|E/| vector. Then tliere exists a positive e that if the left null space of A 
contains a normalized, (a m - m , e)-polarized nx|{/| matrix, no row of such matrix can be e s -dependent upon the other rows. 

i-l 



Proof: For 



1,2,.. 



. n 



< 



1, choose €i 



(a„_ie s ) 



as in Lemma 



i 



S. Choosing 5 = e' 



small enough e such that e' , ... n»..n„ l; — , — 

< e'. Now applying Theorem [3] gives us the desired result. 



)5„ 



For any 5 > 0, from (|9l, there exists a 
- and using part 1) of Lemma j^J give us 



The next lemma states that the observation channel (A, B) being non-manipulable is sufficient for the condition of non- 
existence of any normalized (a min , e')-double polarized, lx \U\ vector in the left null space of A required in Corollary [2] 

Lemma 6. If (A,B) is non-manipulable, then there exists a pair of constants e s and ca respectively satisfying 



< e s 



< min 

l<n<\U\- 



2 

a min a r. 



1 



^mm^n 



n(l 



(18) 



a 2 ■ e 

mm s 



(a m in — e s )a|c/|-i 

such that the left null space of A does not contain any normalized, (a n 



(19) 



,6A)-double polarized vectors. 



Proof: First we claim that the left null space of A can not contain any normalized, (a m i n , 0) -double polarized vector if 
(A, B) is non-manipulable. Indeed, suppose on the contrary that cj is a normalized vector in the left null space of A that is 
(flmin, 0)-double polarized at (a, 0). Construct the x 1 column vector (T„) T whose ath element is u> a , (3th elements is 
— u> a , and all other elements are zero. Similarly, construct the |C/j x 1 column vector (Tj) T whose ath element is uip, /3th 
elements is — up, and all other elements are zero. Then it is easy to check that (T^) T and (TT) T are (a m i n , 0)-polarized at 
a and at /?, respectively. Further, we also have, for all Z = 1,2,..., (T^) T A Qi ; + (TT) Apj, — because ui is in the 
left null space of A and Wj = for all i ^ a or (3. Hence (A, B) is manipulable. 

Next notice that both the set of normalized, (a m i n , 0)-double polarized vectors and the left null space of A are closed sets. 
The former set is also bounded. As a result, if the left null space of A does not contain any normalized, (a m i n , 0)-double 
polarized vectors, it must also not contain any normalized, (a min , e)-double polarized vectors for all small enough positive e. 



1 



Therefore by choosing e s , satisfying (18i, small enough, we obtain an ea that satisfies (19i and that the left null space of A 
contains no (a m i n , (-a) -double polarized vectors. ■ 
We now turn our attention to the right null space of B. The following result states that normalized vectors in the right null 
space of B have similar properties of normalized vectors in the left null space of A as described in Lemma [T] 

Lemma 7. The right null space of B consists only of balanced vectors. Suppose that uj t is a non-zero normalized \U\ x 1 
vector in the right null space of B. Let 

bmin ~ Wmi + iy 

Then 

max ojj > 6 m in 

j:cjj>0 

min ujj < — 6 m i n - 

j:Uj<0 

Proof: Let lo t be a vector in the right null space of B. Then 

mi i£ri 

i=i j=i 



Swapping the order of the two sums and using the fact that 



mi 



1 "hi 



1, we get J2 



\u\ 



0. Furthermore suppose 



or is non-zero and normalized, it must then have at least one positive element and one negative element. Recognizing the 
preceding fact, we can employ essentially the same argument in the proof of Lemma [T] to show maXj- :w ^>oWj > & m i n and 



Based on Lemma m it is easy to check that the results from Lemma p\ to Corollary all apply to B T with 

replaced by b n = b 2 mi 



and a„ defined in Lemma 



1 



by b 

normalized, polarized vectors and matrices in the right null space of B with the corresponding modifications. 



fflmin replaced 

That is, the above results are all applicable to 
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Finally, the next theorem states that non-manipulability of the observation channel (A, B) guarantees the existence of a 
counterpart of Corollary [2] for the right null space of B that is to be used in the proof of Theorem [5] To simplify notation 
in statement of the lemma, let A denote the set of all \U\ 2 x 1 column vectors of the form vec(TA), where T is a \U\ x \U\ 
matrix whose jth column, for j = 1,2, ... , \U\, is balanced and (0, 0)-polarized at j, and ||T||2 < 2|f7|, It is easy to check 
that the set A is closed, bounded, and convex. Let A denote the cone hull of A. Then it can be readily checked that A is the 
set of vectors of the same form that make up A with the norm bound ||T||2 < 2|{7| removed. 

Theorem 4. Suppose that the right null space of B is non-trivial, and the observation channel (A, B) is non-manipulable. 
Then there exists a positive n, which depends only on A and B, satisfying the property that if ^ is a \U\x\U\ matrix whose 
columns are vectors in the right null space of B and \\^\\i = 1, then there is a normalized vector v simultaneously giving 
vvec(^>) > k and voj t < for all uj t E A 

Proof: Let n = \U\ — rank(i?) > 1 be the dimension of the right null space of B. Let S be a |Z7| X n matrix whose 
columns form an orthonormal basis of the right null space of B. By flipping the polarities of the columns of S (i.e., the basis 
vectors), we obtain 2™ different bases for the right null space of B. Fix a normalized $ with columns in the right null space 
of B. It is simple to check that ttjtj < \\^\\2 < 1- For each j = 1, 2, . . . , \U\, employing one, say among the 2™ bases 



above we can decompose as \&J — Y^i=i ) T } w i tn ^J("(.7)f ) T ^ f° r a U *• Let B be the convex hull 

" \v\ 



1,2,. 



with Ty^ra < Y17=i E =i t>f 7 - < 1 and bij > for i and j. Obviously vec(^) € B. By geometric reasoning, B is a bounded 



of the set of vectors of the form vec(<l>), where $ is any |E7|x|{7| matrix such that $J = X)"=i ^0')? f° r j 
l 

|C/| 2 - ^1=1 

set that does not contain the origin. 

Since (A,B) is non-manipulable, A must intersect trivially with the set of vectors of the form vec($), where is any 
\U\ x \U\ matrix whose columns are vectors in the right null space of B (i.e., the intersection contains only the zero vector). 
Hence B and A are disjoint. Below we employ a slightly stronger version of the argument given in l27l pp. 48] to show that 
B and A can be strictly separated by a hyperplane that passes through the origin. 

Given the above, we conclude that there exist p, J G A and p£ E B that achieve the minimum (positive) Euclidean distance 
between A and B. Now let p,J be an arbitrary vector in A. Since A is a convex cone, pj + t(ap,J — p£) E A for all a > 
and < t < 1. Hence \\p a + t(api — p a ) — /Ltb||| > \\p, a — M&ll! f° r all a > and < t < 1, which (by letting t J, 0) implies 



(p a - fl b )p[ 



> 



(llMa - Mftlla + IIMoIII - llMblll) 



for all a > 0. Further, letting a — > oo gives 



Similarly, if p^ be an arbitrary vector in B, then p£ 



\p a — /ifeHI for all < t < 1 gives 



(M6 



1 

2^ 

(Ma - 

> 7^ (llMo - Mblll 

2 
2 



Mb)Atf > 0. 

-p%) E Bby the convexity of B. Then ||//(, + t(p,2 — Mb) 



IM&II2 - llMalll) 



> ||/i a - jUfeU 



(20) 



(21) 

Malll > 



(22) 



where the second inequality is due to the fact that 
Pi = in (20 1 since E A. Substituting /ii = u) 



establishes 



1Mb 



I Ma 



> 



P2 = vec('I'), u = 



HMa - 



/iblll) which can in turn be verified by letting 
-, and Kg 



_ ||w-Mg 



in (21 



he lemma. The only technicality left to handle is that Kg depends on ^. Fortunately, the dependence on~5 



and (|22| almost 
is only 



through the basis collection S(l), 3(2), . . . , H(|C7|) that produces B. Since there are only finitely many such collections to start 
with, the theorem is established by letting the required k to be the minimum among all the 2™l c/ l Kg's for the corresponding 
basis collections. ■ 



B. Bounding attack channel estimation error 

Recall that the attack channel matrix $ w is a \U\ x \ U\ stochastic matrix. We consider below the stochastic matrix T N 
B<P N A as defined in f2j), as well as estimate s an d T of & N and T N , respectively. In particular, we are interested in the 



estimators of Q N in G M (f ) defined in Section III-D For the purpose of proving Theorem [T| in the next section, the following 



result, which bounds the estimation error of estimators in G„(r), is important: 

Theorem 5. Let T be an estimate of T N 
§ N . If (A, B) is non-manipulable, then 



based on the observation (yf ,x^). Let p > and $ E G^(T) be an estimate of 



< d/z + caiir^-r 



c 3 



\$ N -I\\ 



for some positive constants C\, c%, and C3 that depend only on A and B. 
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Proof: Let 3a and 3 b denote the orthogonal projectors onto the left null space of A and right null space of B, respectively. 
We decompose Q N — $ into three components as below: 

^ - $ = - $)H A + 3 B (* N -<£)(/- 5.4) 



(7-5 B )(<l> JV -$)(/- S A ) 



(23) 



where the rows of ^ A are normalized, and <d A is a |(7| x diagonal matrices whose strictly positive diagonal elements are 
the normalization constants for the rows of Sb A . Note that the rows of ^ A are vectors in the left null space of A. Moreover 
the columns of A B are vectors in the right null space of B. Also note that we have assumed that ty A does not contain any 
all-zero rows without any loss of generality (see (24i below). Because the rows of ^ A are normalized, we have from (23 I, 



\u\ 

E e 

i=l 



(24) 



||$ iV < HA^+AHiH 

Thus it suffices to bound ||A S + A||i and the diagonal elements of Q A . 
We first bound the diagonal elements of <d A . To do this, rewrite (23 i as 

/-$ = /- $ N + e A V A + A B +A. (25) 

Because $ is a valid stochastic matrix, all diagonal elements of I — $ must be greater than or equal to and all off-diagonal 
elements must be less than or equal 0. Thus (23 1 gives 



Q A ^ A 



> -llJ-^lli - ||A 



< II/- $ 



Ah 



IA 1 



+ A||i if j = i 
AH a ifj^i. 



(26) 



Now by Lemma [6] we have e s and ca respectively satisfy (18i and ( [T9| such that the left null space of A does not contain 
any (a m ; n , €a) -double polarized vectors. Hence we can choose a positive e < a m j n so that the conclusion in Corollary [2] is 
valid for all n = 2,3, ... , \U\. For this e, define 

5 e = {i : \ty A is (a m in, e)-polarized at i}. 

Let its cardinality be denoted by n e . 

We bound 8^ for i 4_ S e and i e S e separately. First consider any i 4_ S e . Lemma [2] states that \^f]j > e for some j 7^ i. 
Thus we have from (|26li that 



^1,1 — 



N\ 



A|| 



(27) 



for all i 4 S e 



Next we bound 9^ for i £ S e . If n c = 0, then there is nothing to do. Hence we assume 1 < n e < \U\ below. Since each 
column of A B are in the right null space of B, it must be balanced according to Lemma |7l Moreover it is true that each 



column of $ w - $ must also be balanced. As a result, (|23|l gives Yh^i ®ti®tj = ~ S'=iAj for 3 = 1 > 2 > • • • ' 1^1- The 
triangle inequality then implies 



\u\ 

/ j »,i i ,3 

i=l 



1^1 

<Eia 

i=l 



'•J 



(28) 



Separating the sum on the left side of (28 1 into terms with index i in and not in S £ , we have, for j = 1, 2, 



< 



< 



\u\ 

E 

i=l 



\U\ 

Eia 



I A,, I 



E 6 mI*6i 



\U\ 



(||J-$ 



AT I 



A 



■A|| 



(29) 
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where the second inequality is obtained by using (27i and the fact that the rows of ^ A are normalized. For 2 < n e < \U\ 
Corollary [2] suggests that for each i E S e , 







\u\ 


E 


E Kk*t 


= ©£E 




kes e 





E 



A 



Note that the bound in ( |30| is also trivially valid for the case of n 
Substituting ( |29| into ([30b, we obtain that for each i £ S e , 

IIAIIi , i^l 2 



(30) 



1 since e s < 1 and the rows of are normalized. 



(11^-* 



ATI 



I A 1 



■A|| 



(31) 



Because e s < 1, the upper bound on 0^ for i 6 5 e is greater than the upper bound on 0^ for i ^ S^. Thus we can employ 



(31 



as an upper bound for all 0^'s. Note that the choices of ca, e s > an d e depend only A. 
Next we proceed to bound ||A ||i. Similar to before, write A B A — 8 B ^! B ', where || v l' B ||i = 1 and B is the non-negative 
scaling factor. If the right null space of B is trivial, A B = and hence 8 B = 0. Otherwise, 9 B > 0. Without loss of generality, 
suppose the latter is true below. Because the linear mapping (-)A with domain restricted to the orthogonal complement of the 
left null space of A is invertible, we have 



IIA^d^dllA^H^c^ 



(32) 



for some constant ca that depends only on A. Thus bounding 9 B is sufficient. To that end, right multiply both sides of ( 25 1 
by A to obtain 

(33) 



{i -^)A = e B ^ B 

A 

Since $ is stochastic, vec(A) E A, where A is the set of \U\ 2 x 1 column vectors defined just right before Theorem Q in 
Section VI-A As (A, B) is non-manipulable and the left-null space of B is non-trivial, Theorem [4] guarantees the existence 
of a positive constant k and a normalized vector v giving ^vec(A) < and vn<&c(^> b ) > k. Note that k depends only on A 
and B. Hence left-multiplying both sides of the vectorized version of ( [33j l by v yields 

|i/{vec((7- $ N )A) + vec(AA)}| 



(I-<Z> N )A + AA. 



< 



< 



< 



||(/-^)A|| 1 + ||AA|h 



(III-* 



AT I 



|A|| 



Applying this bound on 6 back to ( 32 1, we obtain 

ca 



A 1 



< 



|A|| 



(34) 



To complete the proof, we need to bound ||A||i. Note that there exists f such that BQA = HbTHa and ||II_b (r — f )ITi||i < 
(j, since l> E G M (f ). Then 

BAA = B(<f> N - $)A = T N - n B f U A 

= u b (t n -f)n A + n B (f-f)n A (35) 

where the last equality is due to the fact that T N = UbF n Ha- Note that the linear mapping B(-)A with domain restricted 
simultaneously to the orthogonal complements of the right null space of B and left null space of A is invertible. Combining 
this fact and p5] l, there exists a positive constant cab, which depends only on A and B, such that 



|A|| X < (vT^iTT 



Yi 



r|K + /i 



(36) 



Finally, substituting (36 1, (34i, and (31 1 back into (24i, we obtain the desired bound on ||$ — $||i given in the statement 
of the theorem with 



Cl 



cab\U\ 



cab 1 




ci = vW^l ' ci 



C3 



c 1 
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C. Proof of Theorem [JJ and Corollary [JJ 

1) Detectability: We prove the detectability portion of the theorem by showing that the sequence of decision statistics 
{D N = 11$^ — I||i}, where $> N is the estimator for the stochastic matrix <fr N defined in d4l, satisfies the two desired 
properties if the observation channel (A, B) is non-manipulable. 

To that end, first note that § N is obtained from the conditional histogram estimator T N of the stochastic matrix T N defined 
in jij. We need the following convergence property of the sequence {f N }: 

Lemma 8. \\T N — T^Hi — > in probability as N approaches infinity. 

Proof: First, define the \U\ x |Jfi| stochastic matrix il N by its (i, j)th element as 

C)N A x l,j) n7 s 

For any \i > 0, it is clear that 

Pr(||r w -f JV || 1>M ) 

< Pr (llSO^ - f^lU > |) + Pr(|| J BO JV -r JV || 1 > 

^Pr^iisn^-f^Hi > |) 



■Pr - $^11! > . =g= . (38) 

v 2^m.\\B\\ 2 



Thus the lemma is proved if we can show that the two probabilities on the right hand side of (38 i converge to as N 
approaches infinity. 

To that end, notice first that 

|| jB QJV_fiV|| i 
\Yi\ \Xi\ 

= EE P^k;-r£l 
i=i j=i 



\Yi\ \Xi\ \U\ N , . N( 



i=i j=i k=i 



Hi 



3,k 



where the inequality above is due to the fact that w (yi,i, xi,j) — J2k n (yi,i) v k,%i,j)- This implies that 

Pr(||Bfi w -f w ||i > | 

\Yi\ \X t \ \U\ , 



But for any i, j, and k, 



4|f/| 2 |x 1 | 2 |r 1 | 2 



{Pr{x?tT$ lls )+E [Xl]tS [H? dik ]} 



(40) 



21 



where E^x^.si'} denotes that conditional expectation E[-\x^ G ^[Xi] s\- Further, for any small enough positive 5, 

E [Xi],si H i,j,k] 

E[Xi],s [(p(yi,iM wN ( v k>xi,j) - TT N (y 1 ^,v k ,x lj )) 2 ] 



< 



En=l E [Xt] 



N*(p(x ltj )-5) 2 

e [(piviM - i n (yi,i)) 2 \v N ,x?] 



< 



p(yiA v k) 
N(p(x ld )-S)* 



(41) 



where the equality on the third line above results from the fact that p{yi \v , ) = p(yi\v) and the elements of y{ 



,N 



are conditionally independent given v . Combi ning (41 1 and the well known fact, for example see 11261 Theorem 6.2], that 



Pr(>f £ T$ i]iS ) -> as N -> oo, we get from (40J that Pr (\H id! k\ > 
get Pr (\\Bn j 



2|c/||x 1 ||y 1 | 



as N — > oo. Using (39 1, we further 



as N — > oo. 



Next, note that we can rewrite ([37) as 



N = 7T N (Ui,X hj ) 

* n N (x ld ) 



E 



+E 



Similarly, we have 



k^i 



(Ui) 



+E 



71- N {Vj,U k ) 

K N {u k ) 



p(u k \ Xj ). 



Let 



Then we have, for each i and j, 





7T N 


7T 




= E 




k=jti 


H i,j 


= E 




k^jti 


Pr [ 


K - 



k^i 

p(Ui\Xlj) 



ir N (uj,x ltj ) 

ir N (v k ,u i ,x lt: j) _ TT N (v k ,Ui) 



n N (x ltj ) tt n (u k ) 



p{u k \x 1% 



2|C7||X 1 | v ^p^.||B|| 5 



< y Pr \H\ ,.| > 



(42) 



By employing the fact that p(x^\u,v) — p(x^\u ) and the conditional independence of the elements of u given x± , 
each of the three probabilities on the right hand side of ( 42 1 can be shown to converge to as N approaches infinity by using 

> 2|[7||x 1 ||y 1 | ) ~~ * above. Thus, the probability on the left 



typicality arguments similar to the one that shows Pr (\Hi d , k \ 
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hand side of ( |42| ) also converges to as N approaches infinity. Finally, 

<,N x.N ah ^ A 1 



Pr ^||Q JV -* J M||i > 

\U\ |Xi| 



< 



2V|X 1 ||y 1 |-|| J B| 

' A 1 / 

i=l 3=1 \ 



> 



2|^||X x | > /|X 1 ||yi|.||B||2 







as N — > oo. ■ 

Now we proceed to show detecta bility i n Theorem [l] For any fixed \x > 0, choose according to It is clear from 

; M Thus Lemma 8 implies 



the definition of G /J (r ) in Section 



III-D 



that $ w e G M (r JV ) whenever ||T 



< 



that Pr($ € G>(T *)) — > 1 as TV — > oo, and hence the probability that G M (r ) is non-empty approaches 1. We employ this 
property below to show that the sequence of decision statistics {||** — I\\i} satisfies both Properties 1 and 2 stated in the 
theorem. 

To show Property 1 of Theorem [T] first note that 



Pr(J|**-J||i>(5 p| US" -J||i >S) 

> Pr ($ N G G M (f*) p| ||** - J||i > S 

n \\* n -i\\i>s) 

= Pr (** G G M (f*) P ||**-J||i>s) 

> Pr(||**-/||i ><5) - Pr($* £ G„(f*)) 



(43) 

where the equality on the third line is due to the definition of $* in Hence, if limsup^^^ Pr(||** — J||i > S) > 0, 
( |43"| > implies 

limsupPr(||** - J||i > 5 \ ||** - I\\i > S) = 1. 

JV-»oo 

To show Property 2 of Theorem [T] consider the constants ci, C2, and C3 given in Theorem [5] Let c = 2 + C3. By choosing 
< /i < gf^ an d making use of Theorem |5j it is easy to check that 



Pr 



< 



P II*" 



< Pr (||$* - J||i < of P 11$" - J||i < S 



I\\i<6 



which in turn implies 



(» 



Pr ! 11$* 

< Pr I or* 



I\\!>cS P ||**-J||i<<5 
M 1 



\2V| 



1 > 



Hence by Lemma § if liminfjv^oo Pr(||** - J||i < 6) > 0, d44b gives 

> e<5 I 11$* -/||i <6) = 0. 



(44) 



lim Pr(||$* 

jV->-oo 

2) Corollary^ Now we can use the results above to prove Corollary [T] by showing the sequence of decision statistics 
I** — /||i} satisfies the four stated properties under the corresponding special cases: 
a) II** — J||i — > in probability: Since 

Pr(||**-J||i>5) 

J||i><5 \\<!> N - Ih < - 



< Pr ||$ 



Pr ||$ 



/111 < - 



Pr ||$ 



* > 4 

C 



for any (5 > 0, Property 2 of Theorem [T] implies limjv->oo Pr(||$* — J||i > S) = 0. 
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b) N? — /Hi in probability: If lim supjy^^ Pr(||$ — > S) = 0, then there is nothing to show. Otherwise, 
Lemma[8]and {S} give limsup^^ Prdl^ - > <5) > hmsup^^ Prfll^ - > 5). 

c) \\§ Nm — $|| x -> in probability and $ 7^ 7: Note that there exists <5 > such that lim sup jy^^ Prdl^ — 7||i > 
5) = 1 in this case. For any such 5, Property 2 just above implies the required result. 

d) \\$ N - $|| 1 -> in probability and $ 7^ 7: In this case, there exists 5 > such that lirriAr^oo Prdl^ — J||i > 5) = 1. 
Using Lemma [8] and ( 43 1 gives the desired result for any such 5. 

3) Converse: Recall that x± and are the sequences of symbols transmitted and received by node 1 at time instants 
1, 2, . . . , TV and TV + 1, TV + 2, ... , 2 TV, respectively. Let 7?^ = D N (xf, yf) be the TVth decision statistic in the sequence, 
assumed to exist in the statement of Theorem [I] that satisfies Properties 1 and 2. Suppose that there exists a stochastic $' 7^ 7 
such that B&A = BA = T. 



For the identity relay manipulation map, i.e., <f) (it ) 



,N 



<!> N = I, and ^1^) = nli T 



. Since $ 



A r 



it is easy to check that p{v n \u n ) = 
I for all TV, we have for every 5 > 0, 



AT 



Xn(3/f),X»«) ' 



x»(*f) 



Pr(D w > 6) 
Pr [ £>" > 8 




A' 



/||l< 



(45) 



where the convergence on the last line is due to the assumption that Property 2 of Theorem [T] holds, and c is the constant 
described in the property. 



Consider now the random relay manipulation map that results in p(v n \u n ) 



manipulation map, it is again easy to check that p(y N \x N ) — Yin=i ^ 



For this random 



, which is a consequence of the assumption 



that B&A = T, and \\$" - $'||i -> in probability. Since $' 7^ 7, there exists a 5 > such that lim^oo Prd|$ - 7||i > 
8) = 1. For this 5, 



lim sup 

W "^ oc «, 2/ f):£>~-«, 2/ f)><5 

= limsupPr(7J Ar > 8) 

A/"->oo 



> limsupPr (7?^ > 5 

N->oo 



■ lim Pr(||$ 



A* 



I\\x>S) 



= 1 



(46) 



where the equality on the last line is due to the assumption that Property 1 of Theorem [T] holds. The conclusions in ( |4"5] > and 
(46 1 are clearly in conflict and can not be simultaneously true. Therefore there can not exist a stochastic $' 7^ 7 such that 
B&A = BA and Properties 1 and 2 hold. 

To complete the proof of the converse, we need to show the existence of a stochastic <£>' 7^ / with the property that 
B&'A — BA when the observation channel (A, B) is manipulable. To that end, first note that the manipulability of (A, B) 
implies the existence of a non-zero T with the property that all columns of TA are in the right null space of B. In addition, 
(Tj) T is balanced and (0, 0)-polarized at j, for each j — 1, 2, . . . , \U\. Let T = max T T and $' = / — T. It then easy to 
check that this $' is a valid stochastic matrix, <&' 7^ 1, and B&'A = BA. 
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D. Justification for Algorithms [7] and [2] 

Algorithm^ Let T be a \U\ x \ U\ matrix-valued variable and s be a |f/|xl vector-valued variable. Consider the following 
convex optimization problem: 



min min{-si, -s 2 , ■ . . , s\u\} 



subject to 



BTA = 














I = 1,2,.. 




fc=i 






Sk - ^k,k < 


fc = 1,2,.. 




T k ,k - 1 < 


= 1,2,.. 




T k ,i < 


fc ^ / = 1,2,.. 


.,|t/|. 



(47) 



It is clear that the optimal value of (47 1 is attained and lies inside the interval [—1,0]. This further implies that (A, B) is 
non-manipulable if and only if the optimal value of ( |47| is 0. 

Now, let ft and v be the |A"i|x|Yi| matrix-valued and |J7|xl vector- valued Lagrange multipliers for the equality constraints 



shown in the third and fourth lines of (47i. Further, let A be the \U\ x \U\ matrix-valued Lagrange multiplier matrix. The 
diagonal elements of A correspond to the inequality constraints shown in the fifth line of ( [47) 1, while the off-diagonal elements 
correspond to the inequality constraints shown in the last line of (47 1. At last, let v be the \U\ x 1 vector-valued Lagrange 
multiplier for the inequality constraints shown in second line of (|47[). Following the development in 11271 Ch. 5], we obtain the 
Lagrange dual function of ( |47| as below: 



ff(7,A, v,Q) 



if 



A fc ,fe>l fc = l,2,...,|[/|, 

7fe + v k + [AnB] Kk = A fc , fc k = 1, 2, . . . , \U\, 
v k + [A£lB]k,i = -A k ,i kj=l = l,2,...,\U\ 
-oo otherwise. 



Consider the Lagrange dual problem of ( |47| i: 

max 5(7, A, v, Q) 

7,A,!/,U 

subject to 

7fc > 
A fc , ; > 



fc = l,2, 
k,l = 1,2, 



,1^1, 

■ \u\. 



(48) 



Since the primal problem ( |47| satisfies the Slater's condition l27l Ch. 5], the optimal duality gap between the primal and dual 
problems is zero. That is, the optimal value of (48 1 is the same as the optimal value of (47 1. Hence (A, B) is non-manipulable 
if and only if the optimal value of ( j48] > is 0. Finally, it is easy to verify that the negation of the optimal value of the linear 
program in Step [2] of Algorithm [T] is the optimal value of ( 48 1 and vice versa. As a result, Algorithm [T] determines whether 
(A, B) is manipulable. 

Proof of Theorem^ In the proof of Lemma [6] we have shown that the condition of (A, B) being non-manipulable implies 
that no normalized, (a m i n , 0)-double polarized vector can be in the left null space of A. It remains to show the reverse 
implication here. 

Given that the left null space of A does not contain any (a m i n , 0)-double polarized vector, we need to show that (A, B) is 
non-manipulable when the right null space of B is trivial. To that end, let us suppose on the contrary that (A, B) is manipulable. 
Since the right null space of B is trivial, there exists a \U\ X |?7| non-zero matrix T in the left null space of A, with its jth 
column, (Tj) T , for each j = 1,2,..., \U\, is balanced and (0, 0)-polarized at j. Let m be the number of non-zero columns 
of T. By proper permutation of rows and columns of T if necessary, we can assume with no loss of generality that the first 
m columns are non-zero while the remaining \U\ — m columns are zero. 

First, we claim that m > 2. Indeed, suppose that m = 1 and only the first column (T^) T is non-zero. Then we have 
T1.1 > and T1.1A1 = 0. Since it is our assumption that A contains no zero rows, we must have T1.1 = 0, which creates a 
contradiction. 
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Next, let 



T x = 
T 2 = 



ITolh 



T — 



E\V\ y I 



Put these to row vectors together to form the tox |[/| matrix T. Using the fact that (Tj 
j for j — 1, 2, . . . , to together with Lemma [l] it is easy to check that T is a normalized, 
null space of A. Moreover, it is also true that 



E 

i=i 



T: + 



T m = 0. 



T is balanced and (0, 0)-polarized at 
(amin, 0)-polarized matrix in the left 

(49) 



Now, as argued in the proof of Lemma [6] there must exist e s and ea, which respectively satisfy ( 18 
left null space of A contains no (a m ; n , e^) -double polarized vector. Hence we can apply Corollary]? 
row of it can be e s -dependent upon the other rows. However, this conclusion contradicts (49 1. Therefore (A, B) must not be 
manipulable. 

Algorithm [2| We use Lemma [T] to show that the Algorithm [2] can be used to check for double polarized vectors in the 
left null space of A. To that end, recall that n = \U\ — rank(A) is the dimension of the left null space of A. If n = 0, the 
left null space of A is trivial and hence it can not contain any normalized, (a m i n , 0)-double polarized vector. For n > 0, let 
T = (J T) be the row-reduced echelon basis matrix as stated in StepjiJ of the algorithm. When n = \U\ — 1, Tj is a scalar, 
for i = 1, 2, . . . , n. By Lemma[T| Tj must be negative and the normalized version of Tj must be a (a m - m , 0)-double polarized 
vector in the left null space of A. 

Now assume 1 < n < \U\ — 2 and consider the stated steps. First note that any fa ? i n , 0)-double polarized vector in the left 



null space of A can only be a linear combination of at most two rows of T. If in Step 3c i there is a Tj that contains all but one 
zero element, Lemma [T| again forces the non-zero element be negative and the normalized version of Tj be a (a m i n , 0)-double 
polarized vector in the left null space of A. Otherwise no (normalized) rows of T can be (a m ; n , 0)-double polarized. Hence 
it remains to check whether any pair of rows of T can be linearly combined to form a double polarized vector. Without loss 
of generality, suppose that the normalized version of c{Ti + c 2 T 2 is (a m i n , 0) -double polarized for some non-zero constants 
c\ and c 2 . Then it is easy to see that c\ and c 2 must be of opposite signs and Ti = — ^T 2 . Hence if no pairs of rows of T 
satisfy the condition checked in Step 3d I, the left null space of A can not contain any normalized, (a m i n , 0)-double polarized 
vector. 



VII. Conclusions 

We showed that it is possible to detect whether an amplify-and-forward relay is maliciously manipulating the symbols that it 
forwards to the other nodes by just monitoring the relayed symbols. In particular, we established a non-manipulable condition 
on the channel that serves as a necessary and sufficient requirement guaranteeing the existence of a sequence of decision 
statistics that can be used to distinguish a malicious relay from a non-malicious one. 

An important conclusion of the result is that maliciousness detectability in the context of Theorem [T] is solely determined 
by the source distributions and the conditional pmfs of the underlying MAC and BC in the channel model, regardless of how 
the relay may manipulate the symbols. Thus similar to capacity, maliciousness detectability is in fact a channel characteristic. 
The development of maliciousness detectability in this paper did not take any restrictions on the rate and coding structure 
of information transfer between the sources into account. A joint formulation of maliciousness detectability and information 
transfer is currently under investigation. 

Another interesting application of the result is that the necessity of non-manipulability can be employed to show that 
maliciousness detectability is impossible for non amplify-and-forward relays in many channel scenarios. For instance, if Romeo 
in the motivating example considered in Section |H| forwards his received symbol modulo-2 instead, we arrive at the physical- 
layer network coding (PNC) model considered in 11281 . The necessity condition of Theorem [T] can be employed to verify the 
impossibility of maliciousness detectability with the PNC operation represented by the matrix B. For this relaying operation, 
additional signaling may be needed to allow for maliciousness detection. 
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